Hello community, here is the log from the commit of package python for openSUSE:Factory checked in at 2013-08-30 11:47:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python (Old) and /work/SRC/openSUSE:Factory/.python.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python" Changes: -------- python-doc.changes: same change --- /work/SRC/openSUSE:Factory/python/python.changes 2013-08-21 13:46:18.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.python.new/python.changes 2013-08-30 11:47:53.000000000 +0200 @@ -1,0 +2,6 @@ +Mon Aug 26 13:55:35 UTC 2013 - lnus...@suse.de + +- update python-2.7.3-ssl_ca_path.patch patch to load default verify locations + if no ca_certs file is specified (bnc#827982, bnc#836739) + +------------------------------------------------------------------- @@ -5 +11 @@ - (CVE-2013-4073, bnc#834601) + (CVE-2013-4238, bnc#834601) Old: ---- CVE-2013-4073_py27.patch New: ---- CVE-2013-4238_py27.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-base.spec ++++++ --- /var/tmp/diff_new_pack.cHLXNL/_old 2013-08-30 11:47:54.000000000 +0200 +++ /var/tmp/diff_new_pack.cHLXNL/_new 2013-08-30 11:47:54.000000000 +0200 @@ -50,7 +50,7 @@ Patch22: python-2.7.4-aarch64.patch Patch23: python-2.7.4-no-REUSEPORT.patch Patch24: python-bsddb6.diff -Patch25: CVE-2013-4073_py27.patch +Patch25: CVE-2013-4238_py27.patch # COMMON-PATCH-END %define python_version %(echo %{tarversion} | head -c 3) BuildRequires: automake ++++++ python-doc.spec ++++++ --- /var/tmp/diff_new_pack.cHLXNL/_old 2013-08-30 11:47:54.000000000 +0200 +++ /var/tmp/diff_new_pack.cHLXNL/_new 2013-08-30 11:47:54.000000000 +0200 @@ -56,7 +56,7 @@ Patch22: python-2.7.4-aarch64.patch Patch23: python-2.7.4-no-REUSEPORT.patch Patch24: python-bsddb6.diff -Patch25: CVE-2013-4073_py27.patch +Patch25: CVE-2013-4238_py27.patch # COMMON-PATCH-END Provides: pyth_doc Provides: pyth_ps ++++++ python.spec ++++++ --- /var/tmp/diff_new_pack.cHLXNL/_old 2013-08-30 11:47:54.000000000 +0200 +++ /var/tmp/diff_new_pack.cHLXNL/_new 2013-08-30 11:47:54.000000000 +0200 @@ -56,7 +56,7 @@ Patch22: python-2.7.4-aarch64.patch Patch23: python-2.7.4-no-REUSEPORT.patch Patch24: python-bsddb6.diff -Patch25: CVE-2013-4073_py27.patch +Patch25: CVE-2013-4238_py27.patch # COMMON-PATCH-END BuildRequires: automake BuildRequires: db-devel ++++++ CVE-2013-4073_py27.patch -> CVE-2013-4238_py27.patch ++++++ ++++++ python-2.7.3-ssl_ca_path.patch ++++++ --- /var/tmp/diff_new_pack.cHLXNL/_old 2013-08-30 11:47:54.000000000 +0200 +++ /var/tmp/diff_new_pack.cHLXNL/_new 2013-08-30 11:47:54.000000000 +0200 @@ -1,6 +1,8 @@ ---- a/Modules/_ssl.c -+++ b/Modules/_ssl.c -@@ -271,6 +271,7 @@ +Index: Python-2.7.5/Modules/_ssl.c +=================================================================== +--- Python-2.7.5.orig/Modules/_ssl.c ++++ Python-2.7.5/Modules/_ssl.c +@@ -271,6 +271,7 @@ newPySSLObject(PySocketSockObject *Sock, char *errstr = NULL; int ret; int verification_mode; @@ -8,15 +10,24 @@ self = PyObject_New(PySSLObject, &PySSL_Type); /* Create new object */ if (self == NULL) -@@ -331,11 +332,23 @@ - "verification of other-side certificates."); - goto fail; - } else { -- PySSL_BEGIN_ALLOW_THREADS +@@ -327,20 +328,32 @@ newPySSLObject(PySocketSockObject *Sock, + + if (certreq != PY_SSL_CERT_NONE) { + if (cacerts_file == NULL) { +- errstr = ERRSTR("No root certificates specified for " +- "verification of other-side certificates."); +- goto fail; +- } else { + PySSL_BEGIN_ALLOW_THREADS - ret = SSL_CTX_load_verify_locations(self->ctx, - cacerts_file, - NULL); -- PySSL_END_ALLOW_THREADS ++ ret = SSL_CTX_set_default_verify_paths(self->ctx); + PySSL_END_ALLOW_THREADS +- if (ret != 1) { +- _setSSLError(NULL, 0, __FILE__, __LINE__); +- goto fail; ++ } else { + /* If cacerts_file is a directory-based cert store, pass it as the + third parameter, CApath, instead + */ @@ -32,8 +43,13 @@ + cacerts_file, + NULL); + PySSL_END_ALLOW_THREADS -+ } + } + } + - if (ret != 1) { - _setSSLError(NULL, 0, __FILE__, __LINE__); - goto fail; ++ if (ret != 1) { ++ _setSSLError(NULL, 0, __FILE__, __LINE__); ++ goto fail; ++ } + } + if (key_file) { + PySSL_BEGIN_ALLOW_THREADS -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org